diff --git a/wavpack-5.4.0.tar.bz2 b/wavpack-5.4.0.tar.bz2 deleted file mode 100644 index 40c7f2e..0000000 --- a/wavpack-5.4.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0716a6dcf9a72d61005e1b09bbbd61aaf49837cb4e4a351992a6daed16cac034 -size 863429 diff --git a/wavpack-5.5.0.tar.bz2 b/wavpack-5.5.0.tar.bz2 new file mode 100644 index 0000000..704925f --- /dev/null +++ b/wavpack-5.5.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7a222f96c391138d340793a1b06d517d7a514de85b5915216051b7386f222977 +size 905755 diff --git a/wavpack-CVE-2021-44269.patch b/wavpack-CVE-2021-44269.patch deleted file mode 100644 index 244ae26..0000000 --- a/wavpack-CVE-2021-44269.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff --git a/cli/dsdiff.c b/cli/dsdiff.c -index d7adb6a..5bdcae3 100644 ---- a/cli/dsdiff.c -+++ b/cli/dsdiff.c -@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa - } - - total_samples = dff_chunk_header.ckDataSize / config->num_channels; -+ -+ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) { -+ error_line ("%s is not a valid .DFF file!", infilename); -+ return WAVPACK_SOFT_ERROR; -+ } -+ - break; - } - else { // just copy unknown chunks to output file -diff --git a/cli/dsf.c b/cli/dsf.c -index e1d7973..dddd488 100644 ---- a/cli/dsf.c -+++ b/cli/dsf.c -@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC - - if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 || - format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved || -+ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 || - (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) || - format_chunk.numChannels < 1 || format_chunk.numChannels > 6 || - format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) { - diff --git a/wavpack.changes b/wavpack.changes index dad157c..51e5d63 100644 --- a/wavpack.changes +++ b/wavpack.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Mon Jul 11 17:47:55 UTC 2022 - Dirk Müller + +- update to 5.5.0: + * fixed: CVE-2021-44269 (encoding crafted DSD file triggers OOB read crash) + * fixed: very long filenames cause stack-overflow crash in all CLI programs + * fixed: the length stored in WAV headers not always corrected when using -i + * fixed: attempting to encode raw DSD audio from stdin sometimes causes crash + * fixed: DSD to PCM decimation: small clicks between tracks and tiny DC offset + * fixed: length update in library-generated WAV headers on big-endian machines + * fixed: sanitize custom extensions read from WavPack files to be alphanumeric + * added: accepting brace-delimited options in the wavpack executable filename + * added: "--drop" option to Windows executables for multi-file "drag-and-drop" + * added" "--raw-pcm" option to wvunpack executable (does DSD --> 24-bit PCM) + * added: "--no-overwrite" option to wavpack executable (to resume sessions) + * improved: build system clean-up including switch to non-recursive "make" +- drop wavpack-CVE-2021-44269.patch (upstream) +- add doc subpackage + ------------------------------------------------------------------- Wed Mar 16 09:03:47 UTC 2022 - pgajdos@suse.com diff --git a/wavpack.spec b/wavpack.spec index d3e1ada..cf4c8f5 100644 --- a/wavpack.spec +++ b/wavpack.spec @@ -18,16 +18,14 @@ %define soname 1 Name: wavpack -Version: 5.4.0 +Version: 5.5.0 Release: 0 Summary: Hybrid Lossless Audio Compression Format License: BSD-3-Clause Group: Productivity/Multimedia/Sound/Editors and Convertors -URL: http://www.wavpack.com/ -Source0: http://www.wavpack.com/%{name}-%{version}.tar.bz2 +URL: https://www.wavpack.com/ +Source0: https://www.wavpack.com/%{name}-%{version}.tar.bz2 Source99: baselibs.conf -# CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file -Patch0: wavpack-CVE-2021-44269.patch BuildRequires: pkgconfig %description @@ -50,7 +48,6 @@ Group: System/Libraries %description -n libwavpack%{soname} WavPack is an open audio compression format providing lossless, high-quality lossy, and unique hybrid compression modes. - Lossless mode is ideal for archiving audio material or any other situation where quality is paramount. The compression ratio depends on the source material, but generally is between 30%% and 70%%. @@ -68,9 +65,20 @@ lossy, and unique hybrid compression modes. This subpackage contains libraries and header files for developing applications that want to make use of wavpack. +%package doc +Summary: Documentation files for wavpack, an audio compression format +Group: Development/Libraries/C and C++ +Requires: %{name} = %{version} + +%description doc +WavPack is an open audio compression format providing lossless, high-quality +lossy, and unique hybrid compression modes. + +This subpackage contains development documentation for applications that +want to make use of wavpack. + %prep %setup -q -%patch0 -p1 %build %configure --disable-static @@ -80,6 +88,9 @@ applications that want to make use of wavpack. %make_install find %{buildroot} -type f -name "*.la" -delete -print +install -d -m 755 %{buildroot}%{_defaultdocdir} +mv %{buildroot}/usr/share/doc/%name %{buildroot}%{_defaultdocdir} + %check %make_build check @@ -88,7 +99,6 @@ find %{buildroot} -type f -name "*.la" -delete -print %files %license COPYING -%doc ChangeLog README.md %{_bindir}/wavpack %{_bindir}/wvgain %{_bindir}/wvunpack @@ -104,4 +114,7 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/libwavpack.so %{_libdir}/pkgconfig/wavpack.pc +%files doc +%doc %_defaultdocdir/%name + %changelog